33 research outputs found

    On implementation of efficient inline DDoS detector based on AATAC algorithm

    Distributed Denial of Service (DDoS) attacks constitute a major threat in the current Internet. These cyber-attacks aim to flood the target system with tailored malicious network traffic overwhelming its service capacity and consequently severely limiting legitimate users from using the service. This paper builds on the state-of-the-art AATAC algorithm (Autonomous Algorithm for Traffic Anomaly Detection) and provides a concept of a dedicated inline DDoS detector capable of real-time monitoring of network traffic and near-real-time anomaly detection. The inline DDoS detector consists of two main elements: 1) inline probe(s) responsible for link-rate real-time processing and monitoring of network traffic with custom-built packet feature counters, and 2) an analyser that performs the near-real-time statistical analysis of these counters for anomaly detection. These elements communicate asynchronously via the Redis database, facilitating a wide range of deployment scenarios. The inline probes are based on COTS servers and utilise the DPDK framework (Data Plane Development Kit) and parallel packet processing on multiple CPU cores to achieve link rate traffic analysis, including tailored DPI analysis

    Future Internet: a new generation of telecommunication networks. Telekomunikacja i Techniki Informacyjne, 2009, nr 3-4

    The current Internet is based on the TCP/IP protocol stack and two main assumptions: offering a single class of service (i.e. best effort service) and over-provisioning of the network. These design assumptions now significantly limit the development of the Internet, making it impossible to offer services that require real-time information transfer. The article presents the results of the work to date aimed at introducing packet transfer quality in the Internet, as well as the main assumptions adopted as of today for building the network called the Future Internet (Internet Przyszłości)

    Simple admission control procedure for QoS packet switched military networks, Journal of Telecommunications and Information Technology, 2006, nr 3

    Providing quality of service (QoS) into the networks based on the packet switched technologies, as ATM and IP, is currently the challenge for the military communication system designers. The main element for achieving QoS capabilities is to implement effective admission control (AC) function, which regulates the volume of submitted traffic to the network. The traditional approach for the AC is that it is invoked by each call requesting QoS. As a consequence, the call set-up latency is increasing and, in addition, the signaling traffic in the network is growing. This paper proposes a simple AC method that is based on the online traffic load measurements and assumes that the AC is involved only when the load exceeds a predefined threshold. As a consequence, for most of the connections the AC is not necessary to be executed and this causes lower set-up phase duration and limits the volume of signaling traffic. The numerical results showing effectiveness of the approach are included and compared with traditional AC performing

    Analysis of the System with Vacations under Poissonian Input Stream and Constant Service Times, Journal of Telecommunications and Information Technology, 2013, nr 3

    In the paper approximate formulas for the mean waiting times and the buffer dimensioning in the system with vacations fed by the stream of Poissonian type with constant service times are shown. Furthermore, in the considered system the time intervals of the availability/not-availability of the service are constant and are run alternately according to the assumed cycle. More precisely, the presented approach begins with derivation of the mean waiting times and, on the basis of this, the required buffer size for guaranteeing the losses less than predefined value is estimated. The accuracy of the presented analytical formulas is on a satisfactory level. The formulas were used for the System IIP dimensioning

    Analysis of the Discrete-time Multi-queue System with a Cycle-based Scheduler, Journal of Telecommunications and Information Technology, 2021, nr 2

    This paper presents an analysis of a discrete-time multi-queue system handling a number of packet streams. The analysis focuses on calculating system state distribution and packet sojourn time distribution. The method relied upon for determining system state distribution is based on creating a number of equations that are solved numerically. Next, based on the distribution calculated in such a manner, we derive relations for packet sojourn time distribution. The models studied may be useful for instance in a system supporting a number of virtual links (each of a constant bitrate) that share a common physical link. Isolation of performance of those virtual links needs to be assured. Finally, we present some exemplary numerical results showing the usefulness of the proposed analysis for supporting the system dimensioning process

    PFS scheme for forcing better service in best effort IP network, Journal of Telecommunications and Information Technology, 2004, nr 2

    The paper presents recent results corresponding to a new strategy for source traffic generating, named priority forcing scheme (PFS), allowing Internet users for getting better than best effort service in IP network. The concept of PFS assumes that an application, called PFS application, sends to the network a volume of additional traffic for the purpose of making the reservations for the data traffic in the overloaded router queues along the packet path in the IP network. The emitted redundant packets, named R-packets, should be rather of small size comparing to the data packets, named D-packets. The PFS scheme assumes that the R-packets waiting in a queue can be replaced by the arriving D-packets and belonging to the same flow. In this way, the D-packets can experience a prioritised service comparing to the packets produced by a non-PFS application. Notice that the proposed solution does not require any quality of service (QoS) mechanisms implemented in the network, like scheduler, dropping, marking etc., except R- and D-packets identification and replacing. We discuss the PFS efficiency for forcing priority in the overloaded conditions. Moreover simple system analysis is also presented. Finally, the profits of using PFS scheme are illustrated by examples corresponding to FTP (TCP controlled traffic) and VoIP (UDP streaming traffic) applications

    On effectiveness of conditional admission control for IP QoS network services with REM scheme, Journal of Telecommunications and Information Technology, 2002, nr 2

    Future IP QoS (quality of service) networks are aiming at differentiating transfer quality of packets belonging to different flows. For this purpose, a set of network services (NS) with different QoS objectives is defined and implemented in the network. To a NS a certain amount of network resources, i.e. dedicated link capacity with associated buffer size, is allocated. Moreover, the resources dedicated for one NS are not available for other NSs. Traditional approach for admission control algorithm corresponding to given NS takes into account current traffic conditions inside considered NS. This can lead to the situation, due to traffic fluctuations, that temporary overloaded NS cannot use the spare bandwidth from underloaded in this time other NSs. This paper describes a conditional admission control algorithm (C-AC), allowing us to admit new packet flow conditionally in the case where no available capacity inside a given NS. For conditionally accepted flow currently unused capacity, dedicated to other NS, is allocated. This can be done only in the case when QoS requirements for both the conditionally accepted flow and the flows in progress are satisfied. The conditions for effective using of C-AC algorithm are discussed in the paper, like characteristics of NS borrowing and lending capacity and their current traffic load. To show potential benefits of the approach, exemplary numerical results are included, corresponding to hypothetical NSs using REM (rate envelope multiplexing) scheme

    A comparison of ATM and IP QoS network capabilities for handling LAN traffic with QoS differentiation, Journal of Telecommunications and Information Technology, 2003, nr 4

    Now, a network operator must choose between two packet switched technologies for providing QoS in WAN networks, which are ATM and IP QoS [3, 4, 9]. As ATM has reached the maturity with capabilities for offering a number of different network services (i.e. CBR, VBR, ABR, UBR, GFR), the IP QoS with network services like expedited forwarding, assured forwarding, etc. is still at developing phase but nevertheless is commonly regarded as capable to guarantee in near future similar QoS level as ATM. This paper tries to compare the efficiency of the mentioned technologies (in case of IP QoS network the AQUILA network concept [1, 2] is investigated) for handling traffic generated by LANs with QoS differentiation. This is extremely required since the applications running in LAN differ in QoS requirements and emitted traffic profiles (streaming, elastic). Therefore, a classification process of outgoing LAN traffic into predefined sub-streams should be performed at the entry point to WAN network (edge ATM switch or IP router). Furthermore, particular sub-streams are submitted to adequate WAN network service, available in ATM or IP QoS. The paper presents the experimental results, measured in the test bed, corresponding to QoS level and QoS differentiation provided by ATM and IP QoS core. For this purpose, a set of representative applications currently available to a LAN user was selected demanding from the core different QoS level. They correspond to streaming applications like VoIP with QoS objectives represented mainly by packet delay characteristics and elastic applications controlled by TCP protocol with minimum guaranteed throughput/goodput as target

    Impact of Signaling System Performance on QoE in Next Generation Networks, Journal of Telecommunications and Information Technology, 2009, nr 4

    The first experience of quality by multimedia applications’ users takes place during the setup phase of a new connection. If the setup phase is not accepted or “slowly accepted”, the confidence of the user decreases. The user becomes more sensitive when he/she pays the connections with assured quality of service (QoS). In this case, the process of call request should be also accomplished with QoS guarantees. This paper presents the signaling sub-system implemented within the EuQoS system. The EuQoS signaling process follows main assumptions of next generation networks (NGN) architecture and performs tasks related with codec agreement between multimedia end users, admission control and resource reservation functions. In this paper, we present analytical, simulation and experimental results showing the impact of signaling system performance on quality of experience (QoE) for the potential users of multi-layer EuQoS system. In particular, the presented approach aims at ensuring user QoE of the connection setup phase by ensuring QoS for transferring signaling messages by the network

    The IP QoS System, Journal of Telecommunications and Information Technology, 2011, nr 3

    This paper shortly describes the IP QoS System which offers strict quality of service (QoS) guarantees in IP-based networks and supports a number of, so called, classes of services. Such solution requires to implement in the network a set of QoS mechanisms and algorithm working on packet, connection request and provisioning levels. Furthermore, we require signaling system for informing the network about new connection request and network resource allocation capabilities for providing required resources to given connection. The IP QoS System is based on the next generation networks (NGN) and differentiated services (DiffServ) architectures and, at least for now, it is designed for single domain only